diff options
Diffstat (limited to 'ext/xmlrpc/libxmlrpc/xmlrpc.c')
| -rw-r--r-- | ext/xmlrpc/libxmlrpc/xmlrpc.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c index ce70c2afd9..f184cf49ee 100644 --- a/ext/xmlrpc/libxmlrpc/xmlrpc.c +++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c @@ -201,9 +201,13 @@ static int date_from_ISO8601 (const char *text, time_t * value) { } p++; } - text = buf; + *p2 = 0; + text = buf; } + if (strlen(text)<17) { + return -1; + } tm.tm_isdst = -1; @@ -219,16 +223,19 @@ static int date_from_ISO8601 (const char *text, time_t * value) { n = 10; tm.tm_mon = 0; for(i = 0; i < 2; i++) { - XMLRPC_IS_NUMBER(text[i]) + XMLRPC_IS_NUMBER(text[i+4]) tm.tm_mon += (text[i+4]-'0')*n; n /= 10; } tm.tm_mon --; + if(tm.tm_mon < 0 || tm.tm_mon > 11) { + return -1; + } n = 10; tm.tm_mday = 0; for(i = 0; i < 2; i++) { - XMLRPC_IS_NUMBER(text[i]) + XMLRPC_IS_NUMBER(text[i+6]) tm.tm_mday += (text[i+6]-'0')*n; n /= 10; } @@ -236,7 +243,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) { n = 10; tm.tm_hour = 0; for(i = 0; i < 2; i++) { - XMLRPC_IS_NUMBER(text[i]) + XMLRPC_IS_NUMBER(text[i+9]) tm.tm_hour += (text[i+9]-'0')*n; n /= 10; } @@ -244,7 +251,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) { n = 10; tm.tm_min = 0; for(i = 0; i < 2; i++) { - XMLRPC_IS_NUMBER(text[i]) + XMLRPC_IS_NUMBER(text[i+12]) tm.tm_min += (text[i+12]-'0')*n; n /= 10; } @@ -252,7 +259,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) { n = 10; tm.tm_sec = 0; for(i = 0; i < 2; i++) { - XMLRPC_IS_NUMBER(text[i]) + XMLRPC_IS_NUMBER(text[i+15]) tm.tm_sec += (text[i+15]-'0')*n; n /= 10; } |